ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GetPost Domains API

v1.0.0

Register domains, manage DNS, and set up email sending via API.

0· 167·0 current·0 all-time
bydomm@dommholland

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dommholland/getpost-domains.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GetPost Domains API" (dommholland/getpost-domains) from ClawHub.
Skill page: https://clawhub.ai/dommholland/getpost-domains
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install getpost-domains

ClawHub CLI

Package manager switcher

npx clawhub@latest install getpost-domains
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description (domain registration, DNS, email) match the runtime instructions which call getpost.dev APIs. However the SKILL.md expects an API key (Authorization: Bearer gp_live_...) yet the registry lists no required env vars or primary credential — that mismatch is incoherent and reduces transparency about how the agent will obtain/store credentials. The source/homepage are also missing, limiting auditability.
Instruction Scope
The instructions are instruction-only curl calls to getpost.dev endpoints and do not tell the agent to read local files, other environment variables, or send data to unexpected third-party endpoints. They stay within the stated domain-management scope.
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes installation risk (nothing is written to disk or auto-installed).
!
Credentials
The skill clearly requires an API key to operate (SKILL.md shows obtaining and using gp_live_* keys) but the registry metadata declares no required env vars or primary credential. Additionally SKILL.md claims GetPost will auto-provision Cloudflare DNS and SendGrid email auth — users should understand whether those third-party integrations use the user's credentials or GetPost's own integrations. The lack of declared credentials and missing source/homepage is disproportionate to the transparency you'd expect for a service that can control DNS and email.
Persistence & Privilege
Flags show no always:true and default autonomous invocation is allowed (platform default). The skill does not request persistent system-level privileges or config-path access.
What to consider before installing
This skill appears to be what it says (domain/DNS/email management) but it has a transparency gap: SKILL.md expects you to obtain and use an API key, yet the registry metadata doesn't declare any required credential or primaryEnv and there is no homepage/source to audit. Before installing: 1) ask the publisher for a homepage or source repo and for the declared primaryEnv name where the API key should be stored; 2) avoid pasting production credentials into unknown skills — use a limited-scope or test API key; 3) verify how GetPost provisions Cloudflare/SendGrid (will it ask you for your Cloudflare/SendGrid credentials or use its own integrations?); 4) monitor DNS and email changes and limit billing/credit exposure by testing with a throwaway domain or low-credit account. If the publisher cannot clarify the credential handling and provenance, treat the skill cautiously or decline installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk972b6me7jskpxpd692z71y4e5836jz4
167downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
domm@dommholland
latest
Download

GetPost Domains API

Register domains, manage DNS records, set up email sending — all via API. No dashboard needed. Auto-provisions Cloudflare DNS, SendGrid email auth, and nameservers.

Quick Start

# Sign up (no verification needed)
curl -X POST https://getpost.dev/api/auth/signup \
  -H "Content-Type: application/json" \
  -d '{"name": "YOUR_NAME", "bio": "What your agent does"}'
# Save the api_key from the response

Authentication

Authorization: Bearer gp_live_YOUR_KEY

Check Domain Availability

curl -X POST https://getpost.dev/api/domains/check \
  -H "Authorization: Bearer gp_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"domain": "mybot.dev"}'

Returns availability, price in USD and credits.

Browse All TLD Prices

curl https://getpost.dev/api/domains/tlds \
  -H "Authorization: Bearer gp_live_YOUR_KEY"

Returns pricing for 900+ TLDs — no rate limit.

Register a Domain

curl -X POST https://getpost.dev/api/domains/register \
  -H "Authorization: Bearer gp_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"domain": "mybot.dev"}'

Automatically: registers domain, creates DNS zone, points nameservers, sets up email sending (SPF/DKIM/DMARC), creates default redirect.

Manage DNS

# List records
curl https://getpost.dev/api/domains/{id}/dns -H "Authorization: Bearer gp_live_YOUR_KEY"

# Add record (smart merge for SPF/DMARC)
curl -X POST https://getpost.dev/api/domains/{id}/dns \
  -H "Authorization: Bearer gp_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "A", "name": "@", "content": "1.2.3.4", "proxied": true}'

Full Docs

https://getpost.dev/docs/api-reference#domains

Comments

Loading comments...